Bypass F5 ASM

Question

Has anyone attempted to bypass F5 ASM? &nbsp;
I tried the built-in features in nmap, sqlmap, and WAFW00F but unable to detect and bypass F5 ASM. I don't know if I did it right. I also found this article https://packetstormsecurity.com/files/131781/F5-BIG-IP-ASM-11.4.1-Filter-Bypass.html by adding "Content-Type: application/json" but it is also not helping. &nbsp;
I wonder if anyone has experiences to bypass F5 ASM? If you do, please share the approach and I do appreciate it. &nbsp;
Thanks!!&nbsp;

chris_grant · Answer

If the ASM is properly configured, you should not be able to bypass it.  If you can bypass it this would be considered either a misconfiguration or a defect.&nbsp;
The URL you reference is well known to me and requires a very specific configuration on the ASM.  You would need to have the ASM configured to handle both JSON and form encoded data on the same URL (a highly specialized and unusual configuration to say the least).  For most users this would be a misconfiguration, as a web application would normally either process JSON or form encoded data, possibly both on different URLs, but not likely both on the same URL.  &nbsp;
If you are the administrator of the ASM it is fairly trivial to configure the BigIP to bypass the ASM for specific requests using Local Traffic Policies or iRules.  As an end user this should not be possible.&nbsp;

Forum Discussion

Bypass F5 ASM

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

About AWAF "Redirect URLs" in "Responses and Blocks"

ISP Bandwidth Utilization

F5 Rseries HA

Related Content

Bypass certificate check

Increasing ASM log capacity in F5

Use x-forwarded-for to bypass authentication?

F5 ASM | count violation

F5 ASM | Web Server Probe Signture